I have spring boot application that runs in 4 instances. I used 1 Redis as centralized session management. Currently, the session was successfully stored in Redis. In my custom WebSecurityConfigurerAdapter I set the following by overriding configure function.
....@Bean public SessionRegistry sessionRegistry() { return new SessionRegistryImpl(); }However, this configuration only works in single instance (by using normal and incognito mode). When, I accessed different instances (for example instance A and B) with same credential, the sessions were appended and none of them was invalidated. I followed some post by changing the bean of sessionRegistry
@Autowired private FindByIndexNameSessionRepository<? extends Session> sessionRepository; @Bean public SessionRegistry sessionRegistry() { return new SpringSessionBackedSessionRegistry<>(sessionRepository); }Instead of the app runs, I got an exception regarding bean creation of sessionRegistry.
Anyone has a suggestion to achieve how to ensure 1 user have only 1 active session?Thank you